Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Distributed Search and Lookups

ruisantos
Path Finder
‎05-13-2010 03:07 PM

Hi,

I'm getting an error on my Search Head when browsing for content related to some LOOKUP directives I have in my apps.

The LOOKUP directives were copied from one of the search peers were they are working.

Currently my problems are: - I'm getting an error stating that this lookup does not exist on one of the search peers (true, because that search peer does not required them) - the LOOKUP directives are not working on the search head.

Any ideas on how this can be solved?

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎06-04-2010 09:07 PM

Splunk should automatically move lookup related files to the search peers from the search head. Is this a script-based lookup? If so, there are some intricacies in getting these to work in distributed, since they may land in a different-than-expected directory.

Could you share your configuration and the general mechanism of operation for your lookup?

0 Karma
Reply

gfriedmann
Communicator
‎06-23-2011 03:16 PM

What are the intricacies for a script based lookup in a distributed environment? For example, dnslookup.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...